AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/essential-eight-maturity/cots-software.md

Summary

Added security control keywords, updated section headings, and corrected security group documentation links.

Security assessment

Added explicit security control listing and updated links to security documentation. No vulnerability fixes, but improves security feature documentation.

Diff

diff --git a/prescriptive-guidance/latest/essential-eight-maturity/cots-software.md b/prescriptive-guidance/latest/essential-eight-maturity/cots-software.md
index 851ae27f8..271dc6271 100644
--- a//prescriptive-guidance/latest/essential-eight-maturity/cots-software.md
+++ b//prescriptive-guidance/latest/essential-eight-maturity/cots-software.md
@@ -5 +5,3 @@
-[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Reaching Essential Eight maturity on AWS](introduction.html)
+[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Reaching Essential Eight maturity on AWS: Security and compliance for Australian organizations](introduction.html)
+
+Application controlPatch applicationsRestrict administrative privilegesPatch operating systemsMulti-factor authenticationRegular backups
@@ -15 +17 @@ For this workload, the cloud and application teams take the following actions to
-_Application control_
+## Application control
@@ -28 +30 @@ _Application control_
-_Patch applications_
+## Patch applications
@@ -34 +36 @@ _Patch applications_
-  * The application team restricts direct access to their EC2 instances by configuring [security group rules](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules.html) to allow traffic only on the ports that the workload requires.
+  * The application team restricts direct access to their EC2 instances by configuring [security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) to allow traffic only on the ports that the workload requires.
@@ -45 +47 @@ _Patch applications_
-_Restrict administrative privileges_
+## Restrict administrative privileges
@@ -47 +49 @@ _Restrict administrative privileges_
-  * The application team configures [security group rules](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules.html) to allow traffic only on the ports that the workload requires. This restricts direct access to Amazon EC2 instances and requires that users access EC2 instances through Session Manager.
+  * The application team configures [security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) to allow traffic only on the ports that the workload requires. This restricts direct access to Amazon EC2 instances and requires that users access EC2 instances through Session Manager.
@@ -58 +60 @@ _Restrict administrative privileges_
-_Patch operating systems_
+## Patch operating systems
@@ -71 +73 @@ _Patch operating systems_
-_Multi-factor authentication_
+## Multi-factor authentication
@@ -78 +80 @@ _Multi-factor authentication_
-_Regular backups_
+## Regular backups
@@ -93 +95 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Containerised web service
+Workload example: Containerised web service